Latest CVE Feed

The following is the list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort it by published date, last-updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2024-3659

    Firmware in KAON AR2140 routers prior to version 4.2.16 is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the ro...

    Affected Products : ar2140_firmware ar2140
    • Published: Aug. 08, 2024
    • Modified: Aug. 12, 2024
  • 7.2

    HIGH
    CVE-2024-41942

    JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The...

    Affected Products : jupyterhub
    • Published: Aug. 08, 2024
    • Modified: Aug. 12, 2024
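The escalation described in the CVE-2024-41942 entry is a gap between a scope check and the privilege the scoped action can confer: a token scoped to edit users can edit the one field that makes its own owner a full admin. The following is an added example, not JupyterHub's code; the scope name `admin:users` comes from the advisory text, while the `User`/`Token` classes, the `USERS` store and the function names are assumptions made for the illustration. It shows a handler that only checks the scope beside one that additionally treats granting the admin flag as a full-admin privilege.

```python
# Added example (not JupyterHub's code): a minimal model of a scoped
# "update user" endpoint. The scope name `admin:users` comes from the
# CVE text; the User/Token classes, the global USERS table and the
# function names are assumptions made for this illustration.
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    admin: bool = False          # "full admin" flag


@dataclass
class Token:
    owner: User                  # the user the token acts on behalf of
    scopes: set = field(default_factory=set)


class Forbidden(Exception):
    pass


USERS: dict = {}                 # name -> User (constructed store)


def _require_scope(token: Token, scope: str) -> None:
    if scope not in token.scopes:
        raise Forbidden(f"token lacks scope {scope}")


def update_user_vulnerable(token: Token, target: str, **changes) -> User:
    """Only checks the scope, then applies every requested field change.
    A token that carries admin:users can therefore set admin=True on
    its own owner, which is the escalation the advisory describes."""
    _require_scope(token, "admin:users")
    user = USERS[target]
    for name, value in changes.items():
        setattr(user, name, value)
    return user


def update_user_fixed(token: Token, target: str, **changes) -> User:
    """Same scope check, plus a rule that granting the admin flag is a
    privilege of full admins, not of the admin:users scope by itself."""
    _require_scope(token, "admin:users")
    user = USERS[target]
    if changes.get("admin") and not user.admin and not token.owner.admin:
        raise Forbidden("admin:users scope does not include granting admin")
    for name, value in changes.items():
        setattr(user, name, value)
    return user


def demo() -> tuple:
    """Returns (escalated_via_vulnerable, blocked_by_fix, real_admin_can_grant)."""
    USERS.clear()
    alice = User("alice")
    root = User("root", admin=True)
    USERS.update({"alice": alice, "root": root})
    alice_token = Token(owner=alice, scopes={"admin:users"})
    root_token = Token(owner=root, scopes={"admin:users"})

    escalated = update_user_vulnerable(alice_token, "alice", admin=True).admin
    alice.admin = False          # reset for the second run
    try:
        update_user_fixed(alice_token, "alice", admin=True)
        blocked = False
    except Forbidden:
        blocked = True
    granted = update_user_fixed(root_token, "alice", admin=True).admin
    return escalated, blocked, granted


if __name__ == "__main__":
    print(demo())                # (True, True, True)
```

The design point is that a scope describes which resource a token may touch, not which privileges it may hand out; any field that changes the authorization level of its target needs its own rule, and that rule should look at the token owner's actual privileges, not at the scope list.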
  • 5.9

    MEDIUM
    CVE-2024-42354

    Shopware is an open commerce platform. The store-API works with regular entities and does not expose all fields via the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to...

    Affected Products : shopware
    • Published: Aug. 08, 2024
    • Modified: Aug. 12, 2024
  • 9.8

    CRITICAL
    CVE-2024-42355

    Shopware, an open ecommerce platform, has a new Twig tag `sw_silent_feature_call` which silences deprecation messages triggered inside this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as a parameter a string, the feature flag name to silence, b...

    Affected Products : shopware
    • Published: Aug. 08, 2024
    • Modified: Aug. 12, 2024
  • 8.3

    HIGH
    CVE-2024-42356

    Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig template and allows access to the current language and currency information. The context object also allows switching for a ...

    Affected Products : shopware
    • Published: Aug. 08, 2024
    • Modified: Aug. 12, 2024
  • 9.8

    CRITICAL
    CVE-2024-42357

    Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by ...

    Affected Products : shopware
    • Published: Aug. 08, 2024
    • Modified: Aug. 12, 2024
  • 5.3

    MEDIUM
    CVE-2024-41238

    A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.

    • Published: Aug. 08, 2024
    • Modified: Aug. 12, 2024
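The CVE-2024-41238 entry names the classic login-form injection: a `username` value concatenated into the SQL text. The block below is an added example, not the Kashipara application's code, and reproduces only the mechanics against an in-memory SQLite table (the real application is PHP/MySQL, so the dialect and file paths do not carry over); the table, its columns, the sample row and the payload are constructed for the illustration. It shows the string-built query accepting a password-less login beside the parameterised query that treats the same input as data.

```python
# Added example (not the Kashipara application's code): the login-query
# pattern the advisory describes, reproduced against an in-memory SQLite
# table. The table, its columns and the sample row are constructed for
# this illustration; the real app is PHP/MySQL, so only the injection
# mechanics carry over, not the exact dialect.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (username TEXT, password TEXT)")
    # Plaintext password only to keep the example short; hash in real code.
    conn.execute("INSERT INTO students VALUES ('s1001', 'correct-horse')")
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Builds the WHERE clause by string formatting: the username is
    parsed as SQL, so a quote in it rewrites the query."""
    sql = ("SELECT username FROM students "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_fixed(conn, username: str, password: str):
    """Bound parameters: the driver sends the values separately from
    the statement text, so quotes and comment markers stay data."""
    sql = "SELECT username FROM students WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Constructed payload: closes the string literal and comments out the
# password check, so the query matches on username alone.
PAYLOAD = "s1001' -- "


def demo() -> tuple:
    """Returns (row_from_vulnerable_login, row_from_fixed_login, legit_row)."""
    conn = make_db()
    bypass = login_vulnerable(conn, PAYLOAD, "wrong-password")
    blocked = login_fixed(conn, PAYLOAD, "wrong-password")
    legit = login_fixed(conn, "s1001", "correct-horse")
    return bypass, blocked, legit


if __name__ == "__main__":
    print(demo())   # (('s1001',), None, ('s1001',))
```

The vulnerable path ends up executing `... WHERE username = 's1001' -- ' AND password = 'wrong-password'`, which is why a wrong password still yields the row; with bound parameters the same payload is simply a username nobody has.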
  • 6.4

    MEDIUM
    CVE-2024-6639

    The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This ma...

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 9.8

    CRITICAL
    CVE-2024-41476

    AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 7.5

    HIGH
    CVE-2024-42010

    mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

    Affected Products : roundcube
    • Published: Aug. 05, 2024
    • Modified: Aug. 12, 2024
  • 5.3

    MEDIUM
    CVE-2024-7416

    The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for un...

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 8.3

    HIGH
    CVE-2024-5800

    Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.

    Affected Products : automation_runtime
    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 8.3

    HIGH
    CVE-2024-42370

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. ...

    Affected Products : litestar
    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
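The CVE-2024-42370 entry is a GitHub Actions `$GITHUB_ENV` injection: a step that appends `NAME=value` to that file with a value it does not control lets a newline in the value start a second, attacker-chosen line. The block below is an added example, not Litestar's workflow or code. It models the two documented line forms the runner parses (`NAME=VALUE` and `NAME<<DELIM ... DELIM`) in a simplified parser, and contrasts the naive writer with one that uses the heredoc form with a random delimiter so the value cannot terminate itself. That the tainted value originates from pull-request metadata, and the `LD_PRELOAD` payload, are assumptions constructed for the illustration; the feed entry does not say where the injected input comes from.

```python
# Added example (not Litestar's workflow or code): a value containing a
# newline written to $GITHUB_ENV becomes a second variable, and a writer
# using the runner's heredoc form with a random delimiter prevents that.
# parse_github_env() is a simplified model of the runner's parsing (only
# NAME=VALUE and NAME<<DELIM...DELIM lines; the real parser has more
# rules). The tainted PR title and the LD_PRELOAD payload are constructed.
import secrets


def write_env_vulnerable(buf: list, name: str, value: str) -> None:
    """The pattern the advisory class describes: value goes in verbatim."""
    buf.append(f"{name}={value}\n")


def write_env_fixed(buf: list, name: str, value: str) -> None:
    """Heredoc form with an unguessable delimiter; refuses odd names and
    the (astronomically unlikely) case of the delimiter appearing in value."""
    if not name.isidentifier():
        raise ValueError("bad variable name")
    delim = f"EOF_{secrets.token_hex(16)}"
    if delim in value:
        raise ValueError("delimiter collision")
    buf.append(f"{name}<<{delim}\n{value}\n{delim}\n")


def parse_github_env(text: str) -> dict:
    """Simplified model of how the runner turns $GITHUB_ENV into variables:
    whichever of '=' or '<<' comes first on a line decides the form."""
    env = {}
    lines = text.split("\n")
    i = 0
    while i < len(lines):
        line = lines[i]
        if "<<" in line and "=" not in line.split("<<", 1)[0]:
            name, delim = line.split("<<", 1)
            body = []
            i += 1
            while i < len(lines) and lines[i] != delim:
                body.append(lines[i])
                i += 1
            env[name] = "\n".join(body)
        elif "=" in line:
            name, value = line.split("=", 1)
            env[name] = value
        i += 1
    return env


# Constructed attacker-controlled input, e.g. a PR title (assumption).
TAINTED = "Fix typo\nLD_PRELOAD=/tmp/evil.so"


def demo() -> tuple:
    """Returns (env_seen_by_runner_vulnerable, env_seen_by_runner_fixed)."""
    vuln, fixed = [], []
    write_env_vulnerable(vuln, "PR_TITLE", TAINTED)
    write_env_fixed(fixed, "PR_TITLE", TAINTED)
    return parse_github_env("".join(vuln)), parse_github_env("".join(fixed))


if __name__ == "__main__":
    v, f = demo()
    print(v)   # {'PR_TITLE': 'Fix typo', 'LD_PRELOAD': '/tmp/evil.so'}
    print(f)   # {'PR_TITLE': 'Fix typo\nLD_PRELOAD=/tmp/evil.so'}
```

In the vulnerable run the runner sees two variables, and the second one is inherited by every later step in the job, which is how such an injection turns into secret exfiltration or repository writes. The heredoc writer keeps the whole tainted string as the value of one variable; in a real workflow the equivalent is to pass untrusted expressions through an `env:` mapping and write them with a generated delimiter rather than interpolating `${{ ... }}` directly into the redirection.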
  • 5.3

    MEDIUM
    CVE-2024-7413

    The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for ...

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 5.4

    MEDIUM
    CVE-2024-7621

    The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and...

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 5.3

    MEDIUM
    CVE-2024-7410

    The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. This is due to the plugin not preventing direct access to the /my-custom-css/vendor/mobiledetect/mobiledetectlib/export/exportTo...

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 8.6

    HIGH
    CVE-2024-21881

    An Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS commands via encrypted package upload. This issue affects Envoy 4.x and 5.x.

    Affected Products : envoy_firmware
    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 4.3

    MEDIUM
    CVE-2024-7648

    The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticate...

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 6.1

    MEDIUM
    CVE-2024-7649

    The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
  • 5.3

    MEDIUM
    CVE-2024-7382

    The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticate...

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024
Showing 20 of 289997 Results